Dr. Anton Chuvakin answers questions about SIEM, EDR, and XDR — from our recent SANS webinar on the future of SIEM

Posted by Phil Neray on April 29, 2022

Dr. Anton Chuvakin Discusses “20 Years of SIEM – What’s Next?”

Learn what Dr. Anton Chuvakin, Head of Security Solution Strategy at Google Cloud and former Gartner Research VP, has to say about questions like:

  • When do you think the industry will understand what XDR entails?
  • How do you define ‘XDR’ and what role does SIEM play here?
  • Should a SIEM or EDR solution be managed by a third party?
  • Does it pay to integrate known vulnerabilities into SIEM cases and rules?
  • What role do you see SIEM playing in Zero Trust?
  • How are folks making decisions on what data to centralize into their SIEM?
  • What about running multiple different SIEMs, have you seen that work in practice?
  • Where do you see UEBA fitting into the next generation of SIEMs? Any specific use cases you think are key?
  • What is your opinion on retention of data in your SIEM? How long should you retain and why?
  • Should you pay for threat intelligence feeds for the SIEM?
  • Should we use the kill chain framework or MITRE ATT&CK to develop use cases?

Anton's blog also includes links to longer posts about threat detection coverage and how to measure detection quality in your SIEM.

You can find the full SANS recording and slides here (free SANS account required).

Topics: News, Featured, Threat Management, Security Engineering, MITRE ATT&CK, SecOps, Cloud